security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Add system index to Windows Event Logs Cleared (#1502)

Browse Source
This commit is contained in:
Justin Ibarra
2021-09-24 09:04:56 -08:00
committed by GitHub
parent 61afb1c1c0
commit 63d6a54804
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/defense_evasion_clearing_windows_security_logs.toml
+1 -1
View File
@@ -10,7 +10,7 @@ Identifies attempts to clear Windows event log stores. This is often done by att
or destroy forensic evidence on a system.
"""
from = "now-9m"
index = ["winlogbeat-*", "logs-windows.*"]
index = ["winlogbeat-*", "logs-windows.*", "logs-system.*"]
language = "kuery"
license = "Elastic License v2"
name = "Windows Event Logs Cleared"